|
1 | 1 | # Verify FormsAuthentication cookie on request through custom attribute |
2 | 2 |
|
3 | | -> httpModule for FormsAuthentication verification on requests using custom attributes. |
| 3 | +ASP.NET HttpModule for verification of FormsAuthentication on requests, using custom attributes. |
| 4 | + |
| 5 | +## Setup: |
| 6 | + |
| 7 | +### Web.config |
| 8 | +```xml |
| 9 | +<?xml version="1.0" encoding="utf-8"?> |
| 10 | +<configuration> |
| 11 | + <system.webServer> |
| 12 | + <!--RequireAuthentication Module--> |
| 13 | + <modules> |
| 14 | + <add name="AttributeBasedFormsAuthenticationModule" type="AttributeBasedFormsAuthenticationModule" preCondition="integratedMode" /> |
| 15 | + </modules> |
| 16 | + </system.webServer> |
| 17 | +</configuration> |
4 | 18 |
|
| 19 | +``` |
| 20 | + |
| 21 | +### Global.asax: |
| 22 | +```asp |
| 23 | +<%@ Application Language="VB" %> |
| 24 | +
|
| 25 | +<script RunAt="server"> |
| 26 | + Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs) |
| 27 | + Me.UseAuthorization() |
| 28 | + End Sub |
| 29 | +</script> |
| 30 | +``` |
| 31 | + |
| 32 | +### DO NOT FORGET BEFORE USING: |
| 33 | + |
| 34 | +* Make sure your FormsAuthentication cookie is set correctly |
| 35 | +* Verify/change the assembly metadata for System.Web.Extensions which is used to get the Type definition for RestHandlerWithSession: |
| 36 | +```csharp |
| 37 | +Type _RestHandlerWithSessionType = Type.GetType("System.Web.Script.Services.RestHandlerWithSession, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"); |
5 | 38 |
|
| 39 | +// the "Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" part must match YOUR spesific scenario |
| 40 | +``` |
6 | 41 |
|
7 | | -## Currently supported use cases - C#: |
| 42 | +## Supported Use Cases: |
8 | 43 |
|
9 | 44 | ### Decorated on spesific PageMethod's or Ajax WebMethod's: |
10 | 45 |
|
|
13 | 48 | [WebMethod] |
14 | 49 | public string AjaxMethod() { |
15 | 50 | ``` |
16 | | - |
17 | | - |
18 | | -### Decorated on Page Class: |
19 | | -```csharp |
20 | | -[RequiresAuthentication] |
21 | | -public partial class WebFormsPage : System.Web.UI.Page |
22 | | -``` |
23 | | -### Decorated on MasterPage Class: |
24 | | -```csharp |
25 | | -[RequiresAuthentication] |
26 | | -public partial class WebFormsMasterPage : System.Web.UI.MasterPage |
27 | | -``` |
28 | | -### Decorated on WebService Class: |
| 51 | +or |
| 52 | +### Decorated on the main WebService Class: |
29 | 53 | ```csharp |
30 | 54 | [RequiresAuthentication] |
31 | 55 | [System.Web.Script.Services.ScriptService()] |
32 | 56 | [WebService(Namespace = "http://localhost:8080/")] |
33 | 57 | [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] |
34 | 58 | [global::Microsoft.VisualBasic.CompilerServices.DesignerGenerated()] |
35 | 59 | public class AspAjaxWebService : System.Web.Services.WebService |
36 | | -{ |
37 | | -} |
38 | 60 | ``` |
39 | 61 |
|
40 | | ---- |
41 | | - |
42 | | -## Currently supported use cases - VB.NET: |
43 | | - |
44 | | -### Decorated on spesific PageMethod's or Ajax WebMethod's: |
45 | | -```vb |
46 | | -<RequiresAuthentication> |
47 | | -<WebMethod> |
48 | | -public function AjaxMethod() as string |
49 | | -``` |
50 | | - |
51 | | -### Decorated on Page Class: |
52 | | -```vb |
53 | | -<RequiresAuthentication> |
54 | | -Partial Class WebFormsPage |
55 | | - Inherits System.Web.UI.Page |
56 | | -``` |
57 | | - |
58 | | -### Decorated on MasterPage Class: |
59 | | -```vb |
60 | | -<RequiresAuthentication> |
61 | | -Partial Class WebFormsMasterPage |
62 | | - Inherits System.Web.UI.MasterPage |
63 | | -``` |
64 | | - |
65 | | -### Decorated on WebService Class: |
66 | | -```vb |
67 | | -<RequiresAuthentication> |
68 | | -<System.Web.Script.Services.ScriptService()> |
69 | | -<WebService([Namespace]:="http://localhost:8080/")> |
70 | | -<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> |
71 | | -<[global].Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> |
72 | | -Public Class AspAjaxWebService |
73 | | - Inherits System.Web.Services.WebService |
74 | | -End Class |
| 62 | +### Decorated on a Page Class: |
| 63 | +```csharp |
| 64 | +[RequiresAuthentication] |
| 65 | +public partial class WebFormsPage : System.Web.UI.Page |
75 | 66 | ``` |
76 | | - |
77 | | -<br/> |
78 | | - |
79 | | ---- |
80 | | - |
81 | | -## DO NOT FORGET BEFORE USING: |
82 | | - |
83 | | -* Make sure your FormsAuthentication cookie is set correctly |
84 | | -* Verify/change the assembly metadata for System.Web.Extensions which is used to get the Type definition for RestHandlerWithSession: |
85 | | -```csharp |
86 | | -Type _RestHandlerWithSessionType = Type.GetType("System.Web.Script.Services.RestHandlerWithSession, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"); |
87 | | - |
88 | | -// the "Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" part must match YOUR spesific scenario |
| 67 | +or |
| 68 | +### Decorated on a MasterPage Class: |
| 69 | +```csharp |
| 70 | +[RequiresAuthentication] |
| 71 | +public partial class WebFormsMasterPage : System.Web.UI.MasterPage |
89 | 72 | ``` |
0 commit comments